Ignoring the topic of cybersecurity is something no company can afford to do. This is confirmed by a glance at the cybercrime statistics. But where should companies start to take targeted security measures? Let's begin with cybersecurity as such and then examine the areas of cloud and AI from this perspective.
What are the major security challenges Swiss companies are facing? Answer from an experienced security consultant: «Very simple: security governance.» Overseeing the processes in place to mitigate business risks is a must for organizations of any size. An entrepreneur who recently attended a risk management conference in Zurich said: «If I could turn back time to give my younger self some advice, it would be this: Even if your start-up is still small, start thinking about operational risk management now and make it a leadership topic.»
One of the most high-profile operational risks is cybercrime, and the discipline that addresses it is cybersecurity. Therefore, cybersecurity must be firmly established at the top level of the company and propagate to the lower levels from there. Without a top-down security culture, it’s all just hot air.
An interesting and common symptom of this lack of security culture is the overworked sysadmin.
His team was downsized to the max, and out of necessity more than desire, he has accumulated system responsibilities. However, as he is mainly there to ensure the availability of the systems, he is tempted to follow the good old «never touch a running system» approach. Security KPIs relating to concepts such as, say, least privilege, are nowhere to be found in his job description. In some cases, the sysadmin has a real interest in security. One evening he works overtime to check the domain admin accounts and, shaken by what he finds, writes a note: Clean up Active Directory! Which of course gets lost in the flood of his tasks. Three months later, people wonder why the ransomware was able to spread so quickly.
People, processes, technology, and appropriate leadership – these are the key factors. If security is not established at the top, it will not be practiced at the bottom.
There are two kinds of people: Those who say «The cloud is inherently insecure» and those who say «Cloud service providers employ hundreds of cybersecurity professionals who are much better at this than you will ever be». There is truth in both these statements.
Blindly trusting that a cloud provider offers 360-degree security will inevitably end in disappointment. Companies should therefore get familiar with the «shared responsibility model». In fact, they must continue to invest time in processes, technology, and human resources.
However, it also makes little sense to completely turn down the cloud, as it does offer convincing security benefits.
Let’s look at two core elements of cybersecurity: asset management (know what you have) and hardening (minimum functionality). Despite technological advancements, these two issues alone are consistently poorly addressed in all but the most mature organizations. The cloud, however, has made it considerably easier to ensure appropriate asset management and hardening. With the capabilities of APIs, as offered by all major cloud providers, companies can easily deploy servers, firewalls, load balancers, and other systems automatically and homogeneously. More importantly, they can also use APIs to configure and maintain compliance of their environments, crucially without relying on complex software agents deployed on every endpoint.
The key point here is that, thanks to automation, managing the systems and configuring them securely can be worlds easier than in an on-premises environment.
Automation would also benefit our overworked sysadmin. It is the key to avoiding human errors that inevitably happen when we get bored with repetitive tasks.
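As an added illustration (not part of the original article), here is a drift check that applies both ideas, asset management via required tags and hardening via no management ports exposed to the whole internet, to a constructed inventory. The inventory's shape is an assumption and would in practice be filled from the provider's API rather than hard-coded.

```python
"""Asset-management and hardening drift check over a cloud inventory.

The inventory below is constructed sample data in an assumed, simplified
shape (asset id, tags, ingress rules); a real run would populate it from
the cloud provider's inventory and firewall APIs.
"""
from dataclasses import dataclass

ANYWHERE = {"0.0.0.0/0", "::/0"}            # "open to the internet"
MANAGEMENT_PORTS = {22, 3389, 5985, 5986}   # SSH, RDP, WinRM
REQUIRED_TAGS = {"owner", "environment"}    # minimum asset-management metadata


@dataclass
class Rule:
    protocol: str
    port: int
    source: str  # CIDR allowed to reach the port


@dataclass
class Asset:
    asset_id: str
    tags: dict
    ingress: list  # list of Rule


# Constructed sample inventory, not real infrastructure.
INVENTORY = [
    Asset("web-01", {"owner": "team-web", "environment": "prod"},
          [Rule("tcp", 443, "0.0.0.0/0"), Rule("tcp", 22, "10.0.0.0/8")]),
    Asset("jump-02", {"owner": "team-ops"},
          [Rule("tcp", 3389, "0.0.0.0/0")]),
    Asset("db-03", {},
          [Rule("tcp", 5432, "10.0.1.0/24")]),
]


def check_asset(asset):
    """Return human-readable findings for one asset (empty list = compliant)."""
    findings = []
    missing = REQUIRED_TAGS - set(asset.tags)
    if missing:  # asset management: every asset needs an accountable owner
        findings.append(f"{asset.asset_id}: missing tags {sorted(missing)}")
    for r in asset.ingress:  # hardening: no admin ports reachable from anywhere
        if r.port in MANAGEMENT_PORTS and r.source in ANYWHERE:
            findings.append(f"{asset.asset_id}: {r.protocol}/{r.port} open to {r.source}")
    return findings


def audit(inventory):
    """Flatten findings across the whole inventory, in inventory order."""
    return [f for a in inventory for f in check_asset(a)]


if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(finding)
```

Run on a schedule, the same function turns the "never touch a running system" drift into a list of concrete tickets instead of a note that gets lost.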
Now to the elephant in the room: while the internet used to be a decentralized place, it is now being centralized again, mainly by the large cloud service providers. Companies should therefore think carefully about which and how many providers they enter partnerships with. The recent CrowdStrike incident showed just how delicate the internet infrastructure is and how monocultures make it even more fragile.
The road to success in the cloud therefore leads through a good understanding of the shared responsibility model, leveraging automation capabilities, and the careful selection of providers in terms of risk diversification.
People have never been brilliant fortune tellers. Back in the 70s and 80s, they said that AI was «on the verge of a breakthrough». Yet no one could have predicted the huge changes we have all recently experienced with the rise of generative AI.
Some cybersecurity experts believe that in 10 to 20 years, people will no longer be working in security operations centers. It is debatable whether humans will ever be completely obsolete, at least until artificial general intelligence (AGI) is developed. Nevertheless, there is no doubt that the analysis of log files, for example, has become much more effective with today's advancements. This is especially true if the log sources are configured in such a way that only meaningful data is collected.
Modern generative AI provides a fantastic tool to reduce false positives and focus on the essentials – from scanning through data to identifying issues and effectively correlating data from different sources.